Bittensor was forced to halt its network activity on July 3 following a series of wallet drains that stole at least $8 million worth of digital assets.
The network outage aiming to contain the exploit was announced by Ala Shaabana, the co-founder of Bittensor, in a July 3 X post:
“By way of an update, we have contained the attack and put the chain into safe mode (blocks producing but no transactions are permitted). We’re still mid-investigation and are considering all possibilities.”
Hacks and exploits remain one of the most pressing concerns for the crypto space that are delaying mass adoption. The crypto industry suffered nearly $19 billion worth of theft in the past 13 years across 785 reported crypto hacks.
Attacker steals at least $8 million worth of TAO via potential private key leak
The theft was first discovered by pseudonymous onchain investigator ZachXBT in a July 3 Telegram message. He wrote:
“Bittensor was halted due to additional thefts earlier today potentially as a result of private key leakage.”
The unknown address ‘5FbW’ was exploited to obtain 32,000 Bittensor (TAO) tokens, worth approximately $8 million.
This latest attack comes a month after a different wallet was drained for $11.2 million worth of TAO tokens on June 1, according to ZachXBT.
Private key leaks surpass smart contract thefts
While smart contract vulnerabilities previously accounted for the lion’s share of hacked funds, private key leaks have surpassed smart contract-related attacks.
Over 55% of the hacked digital assets were lost to private key leaks during 2023, according to Merkle Science’s “2024 Crypto HackHub Report” report.
This is partly because hackers are vying for easier targets, according to Mriganka Pattnaik, co-founder and CEO of crypto risk and intelligence platform Merkle Science.
Pattnaik told Cointelegraph:
“While smart contract vulnerabilities remain a concern, hackers increasingly target areas outside smart contracts, like private key leaks. These leaks, often due to phishing attacks or insecure storage practices, have led to significant losses.”
Meanwhile, hacked funds lost to smart contract vulnerabilities fell 92% to $179 million in 2023, down from a staggering $2.6 billion in 2022.